Slashdot Mirror
New RedHat Kernel Patch Illegal to Explain to U.S. Users
Russellkhan writes "The Register is running a story about a new RedHat kernel patch that cannot be explained to U.S. citizens or others in the U.S. because of DMCA restrictions. The illegal explanation is hosted at Thefreeworld.net, a site created specifically to deal with these DMCA issues."
At least blame Bush for HIS mistakes.
Um, whose name is at the bottom of the DMCA? I'm pretty sure it's not Bush's. Want a high comment score on Slashdot? Bash Bush.
To quote the article:
...just as ridiculous as the idea that the US authorities are going to start flying non-US citizens to Cuba to shoot them...
Isn't this almost what we are doing to supposed Taliban and Al Qaeda "war prisoners". Not so far off...
People who have witty things here blow.
Posting this in the US would not be a violatiuon of theDMCA except if you used some ludicrously tortured logic. It would be like me claiming that you disagreeing with this post is a violation of the DMCA. the complainers also knwo this. This is why they make vague claimns about "the DMCA" rather than specifying the explicit clause in the DMCA.
I know a court has ruled deCSS to be in violation of the DMCA, but that was because the judge was stupid, and the MPAA was smart enough to convince him that the utility is "primarily intended for circumvention of a protection mechanism". The keyword there is "primarily".
The security fix information is not primarily intedned to do alow people to break into servers, and it would require some rather convoluted argument to suggest that it should.
Yes, ofcourse, but you may not be able to fathom out what the patch does from the source. A security fix which prevents a buffer overflow could be as simple as adding or removing a typecast, which, if the kernel coders themselves didnt realise could be a security issue - Most Joe User's wont notice either... :(
Still, as a principal, it is a bit silly to disallow a text describing the change but allow the source which IS the change. Stupid law.
loply.com
Anything you say can and will be held against you in a court of law.
Land of the free ride to jail.
What the fuck has happened to our country? It's time to get rid of all the unenforceable bullshit laws. Copyright holders do not have the right to have their business models enforced by the police. And as for prohibition let's get the fuck over it.
Dosent seem too unlikely considering the chaps at the top
My Aurora : http://www.youtube.com/watch?v=o91ZsGwJYyg
FB : https://www.facebook.com/TanveersPhotography
I'd agree. I'd really like to know what the problem is. And where the DMCA has any damn right to tell me I can't read it. I cannot fathom what could be in that stupid text that would violate the DMCA. Anyway. Since this is an explination of the changes made to the software that I run, that I risk my data on, I think I have the right to that text. And if the goverment disagrees, then I'll take my ass and my money, and my vote over seas.
Can all fish swim?
Sounds to me like this is a stunt. Clearly they will get media attention (thanks Register) and hopefully get picked up by major media in the states. This is especially possible if there is a nice long stream of indignation from folks on Slashdot (including mine). That said, what a great stunt, and for what a great cause. Some one at RedHat is smart enough to be motivated not by legal paranoia (however recently justified) but by political savvy.
...begins in wonder
Hmmm someones going to get spanked for that post, breaking the copy right nd putting the US citizens at rick (phew thank flip in an Englishman)
Do you ever get the impression the Presidents just sign stuff without knowing what they are talking about.................DMCA
Kingdom of Loathing (www.kingdomofloathing.com) Addicted is me
This is exactly the same form of FUD we've all come to hate, it's just based on law rather than technology this time. There is no way a kernel patch can violate the DMCA for the simple fact that the Linux kernel doesn't enforce any type of copy protection.
There are enough problems with the DMCA that we don't need to make things up. If stories like this become commonplace, then lawmakers will soon ignore anyone who opposes the DMCA because they'll automatically assume they're acting on FUD and not the facts.
Please, PLEASE make an update to this article stating it's just FUD. PLEASE!
You're right. The signature at the bottom of the DMCA is:
(signed) All American Citizens
In a democracy, you are responsible for the actions of those you elect.
There is still time. Your elected representatives will pay attention to you, the American voters, only for the next 3 weeks or so. Mobilize if you can; otherwise suffer 2 more years of the same but please don't complain!.
That patch was released on 2002-08-20, nearly two months ago, and was available through RH's up2date system so many US users will have updated to it. It's only now being reported as news about the DCMA restrictions?
I've got a fever and the only prescription is more COBOL.
No, it makes sense. Teaching people about security holes is illegal. Patching them isn't.
Describing what you patched, though, would entail describing the security holes on an unpatched system. Ding! Go to Jail...
-- IANAEG - I am not an elder god.
But, what about the source? I can freely download the source for this patch, right? So, how does that NOT violate the DMCA? Lets say that obtaining the source for this patch were illegal... what conflict would this have with the GPL?
Well according to some courts, the code is not speech, so the source itself is not dangerous, but the binaries compiled are.
This SIG pulled due to lack of funding. (This damn war is costing too much!)
Ok, this looks to me to be the same as any other patch documentation. My impression is that the reasons it's illegal are the same sections and logic used to indight Skylarov. If I'm not mistaken in those two things, isn't all patch documentation illegal under the DMCA?
Quick word of commentary, it wouldn't surprise me at all if this were true by the letter of the law. This is exactly why we have been complaining for so long, because the law is overly broad, and restricts things that it obviously shouldn't. On the other hand, I didn't think it was so broad as to cover all security documentation.
Science may someday discover what faith has always known.
Yes, but read this sentence on thefreeworld.net site:
* acknowledge that by downloading the data outside of the European Union you are performing an act of importation.
I think it clearly means that the site is in the E.U. Moreover, netcraft says that it is hosted by planet online which is based in the UK, AFAIK. So the owner is in the US, the site in the EU.
I'll do it for cheesy poofs.
To me providing a patch in source form is exactly the same as providing a description. Source code is readable. People who can program in the language that the patch was made in, can understand (with a little bit of effort) what is going on there. So to me this patch is a description. It is only given in another language then plain english.
:-)
I leave aside what this implies for the DMCA though
Greetings,
Project Manager of Crystal Space (http://www.crystalspace3d.org). Support CS at http://tinyurl.com/cb3x4
There is still time. Your elected representatives will pay attention to you, the American voters, only for the next 3 weeks or so. Mobilize if you can; otherwise suffer 2 more years of the same but please don't complain!.
You can honestly say that? My elected officials will pay attention to me only during election season, and I'm not supposed to complain? Screw that. Democracy only works if you don't pay attention to what happens. We have the DMCA, the Patriot Act, corporate tax breaks out the wazoo, and politicians who are essentially puppets for the companies who paid to have them elected. You're right, I shouldn't complain.
It's a subtle point, but it's not the DMCA that says you can't read it. It's the author who says you can't read it. The DMCA says he can't tell you. You don't violate the DMCA by reading it; you violate the author's copyright. This kind of difference is important in matters of law.
'SBEMAIL!' is better than a goat!!
Just becaues you don't vote doesn't mean you can't complain
Voting IS complaining... only it's a USEFUL form of complaining that elected representatives listen to. If you don't like someone, vote against them. THAT should be how you complain. If you don't vote, you're allowed to complain, sure (free speech and all). But you can't expect your complaints to do any good.
Any individual's vote makes no difference
Gore would disagree with you.
Go figure. :)
BD Phone Home!
Shameless plug. Like you weren't expecting it.
One of the prime rules of administering a system is to never destabilize it. I have great respect for Red Hat, and use their systems every day, but whatever this patch does, I will not apply it until I understand what effect it is going to have on my systems.
I suppose I could (and really SHOULD) look at the source and figure it out from there, but given the fact that time is a scarce resource, it will be lower on my priority list than the other problems that are more readily apparent to me.
That means that the DMCA is actually contributing to the destabilization of the systems I am responsible for. Makes me wonder just who is being protected here in the land of "free speech" and home of the brave.
We do value the ideas of Democracy, but we are a Republic. A Republic is just a little bit different then a Democracy. For instance, we do vote for the men and women that represent us in our nation's capital.
However, the laws that they create do not necesarily represent the views of their constituents. If that was the case, then every American Citizen would have the right to vote on the creation of laws such as the DMCA.
Our Republic is a popularity contest regarding who ends up in office. This popularity contest is run in front of a back-drop of "parties" which are supposed to represent the basic views of the person running for that office.
In the Republic of the United States, true Democracy only exists in the local arena (School Millage Hikes/Cuts, local ordinances and such) and sometimes shows its face in state elections when public acts are put up for citizen review.
If we lived in a true Democracy, I personally believe that the citizenry would have destroyed the Constitution many years ago by creating laws that limit the freedoms and liberties that our Republic currently partially protects. The trouble is that our representatives have forgotten that and so have the citizens that voted them in. If they were to remember what our form of government really is and change some of their ways, we can once again move forward with our great experiment.
If you ignore the other uses of a tool, does that make the tool less useful, or you less useful?
You're being silly here. None of this is going to happen, because other countries are considering, or have already enacted, laws just as bad, if not worse than, the DMCA. Check out the information on the EU directive known as the European Union Copyright Directive, or the Digital Agenda Act, which is Australia's answer to the DMCA. The DMCA is on shaky constitutional grounds in the US, is the act your country going to pass be?
Marxism is the opiate of dumbasses
The Patch is a fix for security flaws, something the DMCA has no problem with. (unless you happen to think breaking == fixed)
On the other hand, describing what those flaws are, and how they may be exploited IS in violation. So what you've said, "I doubt very much that the DMCA would apply to a description of a patch WITHOUT applying to the patch itself" is wrong in a couple of ways.
The presence of the patch actually weakens the legitimacy of the DMCA violation, not the other way around. The description, a laundry list of exploits, would be a much more valuable target. With that said, it's pretty clear no-one would even attempt to prosecute. The only reason this is being done as it is, is to call attention to a bad law.
As far as this being the wrong way, I think inconvinencing people and creating a dialog in the media is exactly the _right_ way to get the issue resolved.
Aaron
AaronCameron.net
Sticking feathers up your butt does not make you a chicken - Tyler Durden
I believe that these guys try the wrong way to persuade others that the DMCA is bad.
What? This is one of the most effective anti-DMCA bits, uh, ever. "You, over there. In the US. You can't read this. Shoo." Telling people 'no' is a sure way to invoke thier interest.
Maybe the state's highest function is to grind out insoluble problems. (Zelazny, Hall of Mirrors)
The last couple of times I've tried complaining about anything to my elected representative, they sent me letters back saying that was not something they were currently involved in.
/I/ am not represented.
Like I keep a roster of what they are currently involved in! I do, however, know what current events are hot in Washington. If they aren't involved in those, then there's a problem. That means that
-- This space for lease, low setup fee, inquire within!
We already are on Double Secret Probation! Have been since 26-OCT-2001. Argh.
"Avoid employing unlucky people - throw half of the pile of CVs in the bin without reading them." -- David Brent
The issues discussed in the patch notice are pretty mundane, and it took me quite some time to figure out what the hell the problem with the DMCA might be. I'm still not sure.
The reasoning, apparently, is that by documenting the security weaknesses that were fixed, they reveal ways to hack unpatched versions of the kernel. And that would be circumvention, and hence violations of the DMCA. All of the holes were found in code audits, and there are no known exploits, so this announcement documents these problems for the first time. (Maybe it's less of an issue if you announce fixes to holes that someone else already found.)
But if that is really taken as a violation of the DMCA, then almost all public notices of security issues may be illegal, even if the author did not write an exploit, and indeed even if no exploit is known to exist. The entire CERT site is at risk. Bruce Schneier may be one of the rampant criminals on Earth.
I dunno, it certainly would be crazy if the DMCA really has that implication, but are Cox and Co. certain that the law really means that? I'll bet there is no case law suggesting such a thing -- and after all, it's the courts' interpretations that really matter in the end. Has any legal scholar ever suggested that the DMCA can be interpreted this way?
I certainly don't like the DMCA, and I think it's unconstitutional (First Amendment, you know), but I wonder if this stunt will backfire. If it turns out that they're making a big deal out of something that the DMCA doesn't actually forbid, then opponents of the law will end up looking a bit hysterical.
Always keep a sapphire in your mind
They never talked about my pothole in front of my driveway either...
The majority of America doesn't give a rats ass about DCMA...DAMC...what's it called?
yet...
Yes, but am I responsible for the actions of a president I most emphatically did not elect, whom many would say was not legitimately elected at all but sits in the Oval Office nonetheless? Am I responsible for the actions of some senator from North Carolina or Texas (I'm in Massachusetts) who is the chair of some committee that exercises extra-Constitutional power to affect what bills even get seen by the full legislature? Am I responsible for the actions of some unelected official even though their rules and regulations only have the force of law because Congress improperly abdicated their legislative authority when they created some bureau fifty years ago?
No, no, and no. I can and do vote for a mere handful of representatives, whose roles have become so diluted by the above factors that voting is purely an act of principle untinged by practical effect. To say that people in general are responsible for outcomes that people in general can affect so little is ridiculous.
Slashdot - News for Herds. Stuff that Splatters.
Seriously, how do people defend Bush? Clinton was a crappy president in a lot of ways (DMCA, weapons treaties, etc) and so is Bush.
You do realise that your country is holding people prisoner in Cuba in violation of the Geneva Convention on the treatment of Prisoners of War (and don't be nice to them!), right? And that your country has decided that doing something about the Greenhouse Effect is too expensive? Or that letting other countries try your soldiers on war crimes is too hard? And that getting rid of weapons of mass destruction is good, unless they're yours
Not that my country is innocent; Little Johnny locks up kids in the desert and uses the navy to storm refugee ships and then pays other countries to take the refugees of our hands.
¦ ©® ±
Forgot about this poor bastard? Well, he is an AMERICAN CITIZEN enabled by all the rights of the CON-stitution of the Corporation of the United States of America c1871. All he did was boast about being a bad-ass in a bar. Now, he's on the brig, wasting away.
And do you think that the prisoners in Guantanamo bay are having catamaran runs? Moron!
www.whatreallyhappened.com
http://geocities.com/torturevictim/cuba.html
Remember, everyone always asks, "Duh, how did Hitler get to power..." Well, unlike Dubya he was ELECTED! STAY SHARP PEOPLE!
If that is true, then can we PLEASE submit this as an actual case where the DMCA has unintended consequences? I know the copyright office will be soliticing comments in early Nov.
to trick someone who isn't free to believe he is, than it is to trick someone who is free into believing he isn't.
Think about it.
But then it actually happened in Real Life. Lawyers at HP saw how DMCA could be abused to prevent discussion about vulnerabilities, they used it to bully. Most people wouldn't have believed it six months ago, but nowdays, thanks to HP, we know that it really is plausible that DMCA could be used by someone to attack Red Hat for discussing a security problem. It's not just theoretical. It's not just paranoia. It actually happened.
So it's more than just a stunt; it's also a ridiculous but legitimate ass-covering, made necessary by a ridiculous law.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
If I read all of this right, it appears that the discoverers of the bug copyrighted their white paper in a way that prohibited distribution to anyone in the US. Thereby allowing them to invoke the DMCA if they so choose. As the register article points out, Red Hat was forced to go along with this because the authors of the bug whitepaper wanted to prove a point. With all of the real issues (Here & here) surrounding the DMCA, why are we even wasting our time with this?
Who are you? The new #2 Who is #1? You are #617565. I am not a number, I am a free man! Muhahaha.
The mere thought that knowledge is criminal is patently absurd. This nonsense is further proof that US corporations prefer the American public as dumb as possible.
A preferably dumb American consumer is simply fuel for the machine. Don't ask, just pay us and thank us for providing you with insert good or service here?.
Hopefully, within the Supreme Court, will see that the rights of free speech trump this ridiculous law.
That's where the problem is. Most of the major players involved in some way with the DMCA are in favor of it, most of it's opponents don't have the resources to fight them.
Sure, there are plenty of other wealthy people/corportations who COULD help in the fight, but there's no reason for them to do so. Why help out people like us at their expense, unless they're helping themselves too?
This has been a test. Had this been a real emergency, we would have fled in terror and you would not have been informed.
This is really stupid and childish. I'll be the first to condemn the DMCA (after my own legal troubles with it), but this is not the way to go about it.
Someone correct me if I'm wrong (I'm not a lawyer though I have studied the DMCA and lawsuits based on it carefully), but the DMCA absolutely does not ban security information. The only related things that it addresses are circumvention (of protection technology in order to access a copyrighted work) and trafficking in circumvention devices. Security information (especially in the form of a vague changelog) is absolutely not either of those. By no stretch of the imagination can I figure out how it's supposed to be a violation of the DMCA.
What's really going on here? Someone (Alan Cox) is trying to make a point about the control that the DMCA gives to copyright holders. He's placed a piece of his copyrighted information that some people want (text of the kernel changelog) behind a click-through license that says you can't access it if you're from the USA. In my opinion this has fuck-all to do with the DMCA (because there is no "technological measure" to circumvent -- please read the definition of technological measure in the DMCA if you disagree with me), just click-through licenses, but, whatever. Then Red Hat decides, well, we can't copy that information because the copyright holder has told us we can't. Assuming that such click-through licenses are legal in the first place, of course, RH would be entirely within its rights for a non-US-citizen to license the document and then summarize it for Red Hat. Either they are too lazy for this, don't understand the issues involved, or are perpetuating this same bizarre notion that the DMCA makes every single thing you'd want to do illegal.
The DMCA only has to do with copyright, and only as far as circumventing technological measures that protect copyrighted material. The court enjoined DeCSS because it found it to be a circumvention device (they did NOT enjoin english descriptions of the algorithm, and especially not security notices about CSS being weak!). I don't agree with the decision, but at least it makes sense in terms of the law. (I also don't agree with the law!!)
The important point I'm trying to make is that to fight dumb laws like the DMCA, we need to understand what they really say and what the actual implications are. There's a tendency for hackers to use logical deduction ("If DeCSS is illegal because it can be used to break DVDs, then hammers must be illegal because they can be used to smash open store windows!") in order to decide the implications of a law. THIS IS NOT HOW COURTS WORK! Law is much more squishy than that. Making these sorts of alarmist claims, as if the DMCA outlaws everything that we'd ever want to do, hurts our cause by spreading misinformation. Instead, we should be educating people about what the DMCA actually addresses (ie, "Did you know it would be illegal for you to create MP3s from SACDs that you bought?" or "Did you know that it's illegal to buy mod chips for your Playstation so that you can play imported games that you also legally purchased?" or "Did you know that it's illegal to use your screen-reader software with the eBook that you legally bought?"). That's how we can convince people that the law is wrong.
Slashdot needs a "Depressing yet true" moderation catagory.
You don't violate the DMCA by reading it; you violate the author's copyright.
No, the author has no right to stop me from reading something that he's published; all he can do is dictate who may distribute copies. Before anybody asks, the copying required to view the page doesn't count, as it is required to use the page normally
"We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
No one here or in the referenced links has backed up the claim that DMCA would apply to publishing these kernel patches, using quotes from the DMCA itself. Why do you suppose this is?
And more importantly, why are so many people willing to accept these claims without any proof or even any evidence?
Readers need to think for themselves, and not just accept what people tell them. It's all too easy to swallow unsupported claims which fit into our preconceptions. But in fact those are the ones for which it is most important to check the facts, simply because they are the ones where we are most likely to make mistakes.
See my earlier post for evidence that the DMCA does not apply to publishing kernel source. I quote from the text of the DMCA itself, and link back to the rest of it.
Shouldn't a position that has evidence behind it be more believable than one which is offered without any backing at all? Pay attention to your own thought processes as you consider the new information I am presenting here. Think about whether you are being objective and open to new ideas, even when they contradict your prejudices.
Thinking for yourself is hard work, harder than letting other people think for you. But if you can get yourself to do it, eventually you'll find that it's a hard habit to break.
Click Here for my other post on this topic.
The basis of which is that it's all a matter of interpretation, and the law tends to side with the less reasonable more often than not (in the US). Hence people can sue McDonald's for hot coffee and the like. Reason holds no light to law. And I'm not trying to be flamebait, or start an argument amongst us, but if you look at cases logically, ESPECIALLY in technology, where there are fewer experts than one would expect by counting the number of epople who proclaim themselves as technology experts, you would surely see an imbalance in the law where technology is concerned.
-Xeph
Kernel patch submissions from Alan Cox should no
longer be accepted. It's apparent that he is not
just doing this because he hates the DMCA, but that he is trying to give Americans a hard time in general.
Any idiot will understand that the DMCA has nothing to do with circumstances like this kernel patch. Any lawyer can explain to you exactly why. I'm not going to quote from the law, because frankly, no one on
Slashdot is capable of interpreting the legal terminology.
That is what lawyers (unfortunately) are for. If you really want to understand the DMCA, consult a LAWYER (they are a necessary evil in the US).
Words such as "effective", "reasonable", "primary" all have special meanings when it comes to legal documents.
Basically, there are no copyrighted works involved here. And the kernel patch is not primarily written to circumvent some type of digital rights management. The point is, yes, occasionally crazy issues end up in the courts - you can sue pretty much anybody for *anything*. (Hey, my C compile lets me write code to circumvent CCS, my hammer allows me access to the local library to steal books, etc. Thats not the DMCA though) Fortunately for us, the crazy cases don't usually go very far in the court system. Yes, it was surprising about what happened with Adobe and the Russian guy (what was his name?), but that was a much different issue - where the notions of copyright and copy protection where VERY clear there.
Do you think Alan Cox consulted his lawyer before submitting his kernel patch under such an absurd copyright? I doubt it.
So, the end result simply becomes that Alan Cox is beign stubborn. We don't like the DMCA, but he really isn't at risk from it because of a kernel patch. Let's not support this kind of insanity anymore. Sure, continue to fight the DMCA, but let's also make our voices in the Linux community heard, and make it clear that we don't want to deal with whiny, stubborn idealists who are always trying to push a political agenda. It distracts from what we (and Linus) are trying to do with Linux and OSS (for some at least)
If a security document describing flaws in the kernel is a violation of the DMCA, than surely any coments in the source code of any Open Source product are also in violation (I guess that means my code is safe! *grin*)!
/bin/cat... HA! It's now a tool to circumvent copy protection, don't let it run with root privs! And don't forget to change chmod so it can't clear bits... the DMCA doesn't specify that *YOU* may circumvent your own protection!!!
Further, since the DMCA doesn't specify that the language must be English, the source code itself might well be in violation. Say goodbye to utilities like crack (and thus cracklib), or port-scanners. In fact, you might choose to view the contents of a protected file with
Hmmmm, now what big organization hates open-source, and would benefit the most from having it declared illegal.... what giant mega-corp would be happy to have security notifications disallowed.... hmmmmm....
I can understand that Cox wouldn't want to be skyleroved.. Yes he works for RedHat and RedHat is a US company.... All the more reason to be worried about being made a 'test case'.
It's one thing to cry 'paranoid'. It's another to be told by your lawyer that, should you take what you consider to be a completely reasonable and prudent action, you run the risk of:
- Being arrested and possibly held without bail (risk of flight as a foreign national).
- havin your trip schedule completely messed up.
- being denied access to your primary employer's home state
- having to defend yourself against criminal charges (even if you're found innocent, it could cost you hundreds of thousands of dollars).
- If found guilty, you could end up in jail for years.
Remember: We already have Skylerov as example of having this happen to a foreign national.Given a choice between this, and making a political statement about the stupidity of this law by simply obeying it, what would you do? If you had a family to support, would this change your decision?
Free Software: Like love, it grows best when given away.
Perhaps you don't live within the US? Are you not familiar with how technology trials have gone in the past? I'm not speaking of mistrials, I'm talking about trials that end with bad results due to the misinterpretation of a law and/or misunderstanding of technology. A stretch? Sure! But stretches of the law occur daily in the US... *shrug*